net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED is se… #35
Conversation
…t in sip-communicator.properties
| @@ -122,6 +122,16 @@ public void start(BundleContext bundleContext) | |||
| ConfigurationService config | |||
| = ServiceUtils.getService( | |||
| bundleContext, ConfigurationService.class); | |||
|
|
|||
| Boolean always_trust_mode = config.getBoolean( | |||
| "net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED",false); | |||
There was a problem hiding this comment.
This changes the current default behaviour.
There was a problem hiding this comment.
This changes the current default behaviour. By default this should be enabled.
There was a problem hiding this comment.
@damencho I strongly disagree with that. The default should be secure. If someone needs to connect with TLS insecurely, he should have the option to set that.
There was a problem hiding this comment.
Yep, I see your point and I agree.
|
Hi, thanks for your contribution! |
|
Signed. |
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED is set in sip-communicator.properties
I could suggest this trivial change in the jigasi code as consequence of the topic discussed on this thread: http://lists.jitsi.org/pipermail/users/2016-June/011191.html (http://lists.jitsi.org/pipermail/users/2016-June/thread.html#11191)
The reason: move the configuration of the ALWAYS_TRUST_MODE_ENABLED property to the sip-communicator.properties, so as sysadmin you can take the decision of trust or not in all the certificates. By default, I considered the ALWAYS_TRUST_MODE_ENABLED=false as a more secure option in order to prevent MiM attacks.